Practice privacy by design, not privacy by disaster!
See the talk here: http://caseorganic.com/articles/2014/02/12/1/designing-for-privacy-in-mobile-and-web-apps-at-interaction-14-in-amsterdam
Almost every application today requires some gathering of personal data. Where that data is stored, who has access to it, and what is done with it later on are becoming increasingly important as more and more of our data lives online. Privacy disasters are costly and can be devastating to a company. UX designers and developers need a framework for protecting user data, communicating it to users, and making sure that the entire process is handled smoothly.
This talk covers best practices for designing web and mobile apps with the privacy of individual users in mind. Privacy has been an even bigger issue with location-based apps, and we ran into it head-first when we began work on Geoloqi (now part of Esri). Designing an interface that made one's personal empowering instead of creepy was our goal. The stories from our design decisions with our application will also be included in this talk.
Privacy on the Web
Social silos don't exist. Where you go on the web is not tracked
Logged into FB, Google: everything you look at is tracked
“We invest much of our lives into virtual ‘condos’ that anyone can walk into and do what they like.”
Changing user interfaces
How can we design for
1. Temporary Solution (Privacy by Design)
2. Longer term Solution (Data Ownership)
Privacy by Design: Ann Cavoukian, Ph.D., Information & Privacy Commissioner, Ontario, Canada. http://www.privacybydesign.ca/
to be "calm"
upon previous products (iteration)
defined. (Lifelogging device).
at eye level. Small friendly rounded
immediate (download later)
Building privacy into mobile and web apps
Privacy policies are regret
Only 30% of mobile app developers have one.
Who you are (identity and contact details),
Categories of personal data the app wants to
Why the data processing is necessary (for what
Whether data will be disclosed to which third
Data withdrawal rights and account deletion policy
2. Simplify and Consolidate
Privacy policies should be easy
Create two sections – Plain Text
Terms of Service; Didn't Read
Reserves the right to use your name and content for
any purpose forever, even if they get acquired in
Communities don't own their content and can't transfer it off their site.
tosdr.org (thanks bret.io!)
How many of you have
read the entire iTunes
3. Allow people to access / export their data
4. Privacy by design vs. privacy by
Privacy consideration should be incorporated into every aspect of
Web, legal, user experience, messaging, marketing and development.
Act now or be forced to act later.
5. Consolidate and simplify settings and permissions
easy to access.
6. Contextual Privacy
Foursquare do this well.
Expose privacy controls with every piece of content that can be created or shared
7. No one is perfect
Hosting user data is a privilege, not a right
Apologize immediately if you make a mistake. Fix the problem immediately
8. Authentication and Permissions
When in doubt
Why do we need an IndieWeb?
Afraid of losing your photos and files
1 Frozen account due to violated TOS
2 Lost content due to acquisition
3 Silos profiting off your data
4 The ability to create again
The freedom to decide what content and what types of content to publish, and to store over time
Control your UI/UX – you decide
Own your content forever
Homestead, don't Sharecrop!
A home for your data
Your blog becomes a creative outlet for you + learning place for new stuff
Hyperlinks on the open web, giving web back its richness